A new vulnerability in Microsoft Office has surfaced. The vulnerability is a memory corruption issue that resides in all versions of Microsoft Office that has been released in the past 17 years, which include Microsoft Office 365 and the latest version of Microsoft Windows 10.
The vulnerability allows remote code execution which allows a remote attacker to execute malicious code on the targeted system without needing user interaction to open a document. The vulnerability “CVE-2017-11882” which resides in “EQNEDT32.EXE”, is a MS Office component that is responsible for insertion and editing of equations in documents.
With improper memory operations, the component cannot properly handle the objects in memory which corrupt it enough to allow the attacker to execute malicious code in the context of the user that is logged in. Microsoft has released a patch for the vulnerability.
Users are recommended to install the November patches as soon as possible to ensure that their devices stay safe.